Tapping a Wireless Network

Problem

You are running a wireless network and you need to secure it.

Solution

Snort itself is incapable of sniffing a wireless network. A possible workaround is to use a wireless switch, and use an uplink or span port on it to collect the data.

Discussion

It is advisable to use Snort to monitor the packets that come off your wireless network, because you have no physical control over who can and can't connect to the network, making it a far more risky environment than your normal network. A good wireless switch will allow you to monitor all traffic through either an uplink port or a span port, and then you can use Snort in the same way as on a normal network.

There are other tools available on the Internet that allow you to sniff wireless connections:

AirSnort (http://airsnort.shmoo.com/)

This is available from , but despite having a similar name, it has nothing to do with Snort apart from being a packet sniffer.

Snort-Wireless (http://www.wireless-snort.org/)

This set of patches for Snort allows Snort to natively sniff wireless networks.

See Also

AirSnort online docs (http://airsnort.shmoo.com/)

Snort-Wireless (http://www.snort-wireless.org/)

Positioning Your IDS Sensors

Installing Snort from Source on Unix

Logging to a File Quickly

How to Build Rules

Detecting Stateless Attacks and Stream Reassembly

Managing Snort Sensors

Generating Statistical Output from Snort Logs

Monitoring Network Performance

Index



Snort Cookbook
Snort Cookbook
ISBN: 0596007914
EAN: 2147483647
Year: 2006
Pages: 167

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net